
azurermSpringCloudCertificate

Manages an Azure Spring Cloud Certificate.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
import * as azuread from "./.gen/providers/azuread";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm, azuread.
For a more precise conversion please use the --provider flag in convert.*/
/*Register the azurerm provider for this stack; `features` is passed as a single empty block.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
/*Resource group whose name and location are reused by the Spring Cloud service and the Key Vault below.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
/*Spring Cloud service instance that the certificate at the end of this example is attached to.*/
const azurermSpringCloudServiceExample =
  new azurerm.springCloudService.SpringCloudService(this, "example_2", {
    location: azurermResourceGroupExample.location,
    name: "example-springcloud",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSpringCloudServiceExample.overrideLogicalId("example");
/*Look up the service principal named "Azure Spring Cloud Domain-Management"; its objectId is granted
read access to the Key Vault further down.
NOTE(review): the lookup is by display name only. Display names are not guaranteed to be unique in a
tenant, so confirm that this resolves to the intended Microsoft-owned principal before it is given
access to certificates and secrets.*/
const dataAzureadServicePrincipalExample =
  new azuread.dataAzureadServicePrincipal.DataAzureadServicePrincipal(
    this,
    "example_3",
    {
      display_name: "Azure Spring Cloud Domain-Management",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzureadServicePrincipalExample.overrideLogicalId("example");
/*Client configuration of the identity the azurerm provider runs as; its tenantId and objectId are used
in the Key Vault definition below.*/
const dataAzurermClientConfigCurrent =
  new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
    this,
    "current",
    {}
  );
/*Key Vault that stores the certificate, with two access policies: one for the deploying identity and
one for the Spring Cloud Domain-Management service principal.
NOTE(review): access policies are granted on the vault as a whole, not per certificate. Anything else
stored in this vault is readable by the same principals, so a vault dedicated to this certificate
keeps the grant narrow.*/
const azurermKeyVaultExample = new azurerm.keyVault.KeyVault(
  this,
  "example_5",
  {
    access_policy: [
      /*Deploying identity: manage certificates and set secrets. No secret "Get" is granted here.*/
      {
        certificate_permissions: ["Create", "Delete", "Get", "Update"],
        object_id: dataAzurermClientConfigCurrent.objectId,
        secret_permissions: ["Set"],
        tenant_id: dataAzurermClientConfigCurrent.tenantId,
      },
      /*Spring Cloud service principal: read-only on certificates and secrets.
      NOTE(review): secret "Get" is presumably what lets the service fetch the PKCS#12 bundle,
      private key included. Treat this principal as holding the key.*/
      {
        certificate_permissions: ["Get", "List"],
        object_id: dataAzureadServicePrincipalExample.objectId,
        secret_permissions: ["Get", "List"],
        tenant_id: dataAzurermClientConfigCurrent.tenantId,
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "keyvaultcertexample",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "standard",
    tenant_id: dataAzurermClientConfigCurrent.tenantId,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermKeyVaultExample.overrideLogicalId("example");
/*Certificate generated inside the Key Vault: self-issued, RSA 2048, subject CN=contoso.com, valid for
12 months and set to auto-renew 30 days before expiry.*/
const azurermKeyVaultCertificateExample =
  new azurerm.keyVaultCertificate.KeyVaultCertificate(this, "example_6", {
    certificate_policy: [
      {
        /*"Self" makes this a self-signed certificate. Clients will not trust it unless they are
        configured to; it suits an example, not a public endpoint.*/
        issuer_parameters: [
          {
            name: "Self",
          },
        ],
        key_properties: [
          {
            /*The private key can leave the vault (through the associated secret).
            NOTE(review): presumably required so Spring Cloud can load the key. Confirm, and restrict
            secret "Get" on the vault accordingly.*/
            exportable: true,
            key_size: 2048,
            key_type: "RSA",
            /*NOTE(review): with reuse_key set, renewals keep the same key pair, so AutoRenew below
            extends validity without rotating the key.*/
            reuse_key: true,
          },
        ],
        lifetime_action: [
          {
            action: [
              {
                action_type: "AutoRenew",
              },
            ],
            trigger: [
              {
                days_before_expiry: 30,
              },
            ],
          },
        ],
        /*The certificate is stored as a PKCS#12 bundle.*/
        secret_properties: [
          {
            content_type: "application/x-pkcs12",
          },
        ],
        x509_certificate_properties: [
          {
            /*NOTE(review): keyCertSign and cRLSign are certificate-authority usages. A TLS server
            certificate normally needs only digitalSignature and keyEncipherment; consider trimming
            this list so an exported key cannot be used to sign other certificates or CRLs.*/
            key_usage: [
              "cRLSign",
              "dataEncipherment",
              "digitalSignature",
              "keyAgreement",
              "keyCertSign",
              "keyEncipherment",
            ],
            subject: "CN=contoso.com",
            validity_in_months: 12,
          },
        ],
      },
    ],
    key_vault_id: azurermKeyVaultExample.id,
    name: "cert-example",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermKeyVaultCertificateExample.overrideLogicalId("example");
/*Attach the Key Vault certificate to the Spring Cloud service by referencing the certificate's id.
NOTE(review): the argument reference on this page spells these arguments in camelCase
(keyVaultCertificateId, resourceGroupName, serviceName). The snake_case keys here come from a
conversion done without provider schema, so check them against the generated bindings before
synthesizing.*/
const azurermSpringCloudCertificateExample =
  new azurerm.springCloudCertificate.SpringCloudCertificate(this, "example_7", {
    key_vault_certificate_id: azurermKeyVaultCertificateExample.id,
    name: "example-scc",
    resource_group_name: azurermSpringCloudServiceExample.resourceGroupName,
    service_name: azurermSpringCloudServiceExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSpringCloudCertificateExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Spring Cloud Certificate. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) Specifies the name of the resource group in which to create the Spring Cloud Certificate. Changing this forces a new resource to be created.

  • serviceName - (Required) Specifies the name of the Spring Cloud Service resource. Changing this forces a new resource to be created.

  • keyVaultCertificateId - (Optional) Specifies the ID of the Key Vault Certificate resource. Changing this forces a new resource to be created.

  • certificateContent - (Optional) The content of the uploaded certificate. Changing this forces a new resource to be created.

Attributes Reference

The following attributes are exported:

  • id - The ID of the Spring Cloud Certificate.

  • thumbprint - The thumbprint of the Spring Cloud certificate.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Spring Cloud Certificate.
  • read - (Defaults to 5 minutes) Used when retrieving the Spring Cloud Certificate.
  • delete - (Defaults to 30 minutes) Used when deleting the Spring Cloud Certificate.

Import

A Spring Cloud Certificate can be imported using its resource ID, e.g.

terraform import azurerm_spring_cloud_certificate.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.AppPlatform/spring/spring1/certificates/cert1